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In the Claims: 

1. (original) A method used in the control of a physical system, comprising 
the steps of 

(a) modelling a risk chain, the risk chain being a series of two or more 
entities that each model a discrete part of how a threat leads to damage to a 
target system, each entity being described as a population of elements 
distributed in a parameter or parameters, each entity generating the next 
entity in the chain; and 

(b) controlling the physical system by using results of the modelling, 

2. (original) The method of Claim 1 in which the way one entity in the risk 
chain generates another entity in the risk chain is described by a quantitative 
generation function. 

3. (currently amended) The method of Claim 1 [or 2] comprising the 
further step of modelling countermeasures to one or more entities in the risk 
chain, each countermeasure being quantitatively described as a function of one 
or more variables. 

4. (original) The method of Claim 3 comprising the further step of 
deploying a countermeasure to an entity in such a manner so that the effect of 
the entity is diminished to a defined, quantitative level. 
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5. (currently amended) The method of any pr e ceding Claim 3 [or 4] in 
which the or each variable describing a countermeasure determines the 
efficacy of that countermeasure in modifying the population of elements in an 
entity or influencing how one entity in the risk chain generates another entity 
in the risk chain. 

6. (currently amended) The method of Claim 3[, 4 or 5] in which the 
deployment of countermeasures is quantitatively optimised. 

7. (currently amended) The method of any pr e c e ding Claim 1 in which the 
distribution of elements of an entity in a parameter is a measured distribution. 

8. (original) The method of Claim 7 in which the measured distribution is a 
real-time measured distribution. 

9. (currently amended) The method of Claim 7 [or 8] in which the 
measured distribution is compared to a predicted distribution, the comparison 
enabling the accuracy of an algorithm used to make the prediction to be 
improved. 

10. (currently amended) The method of any pr e c e ding Claim 1 in which the 
controlled system is controlled by being dynamically altered on the basis of the 
modelling. 
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11. (original) The method of Claim 10 in which the controlled system is 
dynamically altered based on measurements of the distribution of elements in 
one or more parameters. 

12. (currently amended) The method of any pr e c e ding Claim 3 in which 
each entity in the risk chain is an entity with substantially the properties of an 
entity selected from the following list of entity types: threat agents; attacks; 
security breaches; disruptions; damage. 

13. (currently amended) The method of Claim 12 wh e n depend e nt on any of 
Claims 3 — 4 in which the countermeasure that modifies the threat agent entity 
or influences the output of that entity is an ameliorative measure. 

14. (currently amended) The method of Claim 12 wh e n d e p e nd e nt on any of 
Claims 3 — 6 in which the countermeasure that modifies the attack entity or 
influences the output of that entity is a resistive measure. 

15. (currently amended) The method of Claim 12 wh e n d e p e nd e nt on any of 
Claims 3 — 6 in which the countermeasure that modifies the security breach 
entity or influences the output of that entity is a mitigative measure. 

16. (currently amended) The method of Claim 12 wh e n d e p e nd e nt on any of 
Claims 3 — 6 in which the countermeasure that modifies the disruption entity or 
influences the output of that entity is an alleviative measure. 
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17. (currently amended) The method of any prec e ding Claim 1 in which the 
target system is a computer. 

18. (currently amended) The method of any pr e c e ding Claim 1 [-16] in which 
the target system is a computer network. 

19. (currently amended) The method of any pr e c e ding Claim 1 [-16] in which 
the target system is a telecommunication system. 

20. (currently amended) The method of any pr e c e ding Claim 1 [-16] in which 
the target system is a mobile communications device or personal digital 
assistant. 

21 . (currently amended) The method of any pr e c e ding Claim 1 [-1 6] in which 
the target system is a building, group of buildings, physical infrastructure, 
means of transport or a transport infrastructure, aircraft or vehicle. 

22. (currently amended) The method of any pr e c e ding Claim 1 [-16] in which 
the target system is a physical storage container. 

23. (currently amended) The method of any pr e c e ding Claim 1 [-16] in which 
the target system is a business, business process or business system. 

24. (currently amended) The method of any preceding Claim 1 in which an 
entity in the risk chain describes a population of one or more people who seek 
or otherwise obtain unauthorised access to the target system or who seek to or 
otherwise influence it in an unauthorised manner. 
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25. (currently amended) The method of any pr e c e ding Claim 1 [-23] in which 
an entity in -the risk chain describes a population of one or more computer 
viruses or worms or Trojan Horses or computers. 

26. (original) The method of Claim 25 in which a parameter is the age of 
the virus. 

27. (currently amended) The method of any pr e c e ding Claim 1 [-23] in which 
an entity of the risk chain describes a population of one or more fires, floods, 
earthquakes or other physical acts which have an impact on the target system. 

28. (original) A method of modelling a specific security threat to a system, 
comprising the step of modelling a risk chain, the risk chain being a series of 
two or more entities that each model a discrete part of how a threat leads to 
damage to the system, each entity being described as a population of elements 
distributed in a parameter or parameters, each entity generating the next 
entity in the chain. 

29. (original) The method of Claim 28 in which the way one entity in the 
risk chain generates another entity in the risk chain is described by a 
quantitative generation function. 

30. (currently amended) The method of Claim 28 [or 29] comprising the 
further step of modelling countermeasures to one or more entities in the risk 
chain, each countermeasure being quantitatively described as a function of one 
or more variables. 
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31. (original) The method of Claim 30 comprising the further step of 
deploying a countermeasure to an entity in such a manner so that the effect of 
the entity is diminished to a defined, quantitative level. 

32. (currently amended) The method of any preceding Claim 30 [or 31] in 
which the or each variable describing a countermeasure determines the 
efficacy of that countermeasure in modifying the population of elements in an 
entity or influencing how one entity in the risk chain generates another entity 
in the risk chain. 

33. (currently amended) The method of Claim 30[, 31 or 32] in which the 
deployment of countermeasures is quantitatively optimised. 

34. (currently amended) The method of any pr e c e ding Claim[s] 28 [■ 33] in 
which the distribution of elements of an entity in a parameter is a measured 
distribution. 

35. (original) The method of Claim 34 in which the measured distribution is 
a real-time measured distribution. 

36. (currently amended) The method of Claim 34 [or 35] in which the 
measured distribution is compared to a predicted distribution, the comparison 
enabling the accuracy of an algorithm used to make the prediction to be 
improved. 
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37. (currently amended) The method of any pr e ceding CLaim[s] 28[- 36] in 
which the system is controlled by being dynamically altered on the basis of the 
modelling. 

38. (original) The method of Claim 37 in which the controlled system is 
dynamically altered based on measurements of the distribution of elements in 
one or more parameters. 

39. (currently amended) The method of any pr e c e ding Claims 28 — 3& Claim 
30 in which each entity in the risk chain is an entity with substantially the 
properties of an entity selected from the following list of entity types: threat 
agents; attacks; security breaches; disruptions; damage. 

40. (currently amended) The method of Claim 39 wh e n d e p e nd e nt on any of 
Claims 30 — 33 in which the countermeasure that modifies the threat agent 
entity or influences the output of that entity is an ameliorative measure. 

41 . (currently amended) The method of Claim 39 wh e n dep e nd e nt on any of 
Claims 30 — 33 in which the countermeasure that modifies the attack entity or 
influences the output of that entity is a resistive measure. 

42. (currently amended) The method of Claim 39 wh e n d e p e nd e nt on any of 
Claims 30 — 33 in which the countermeasure that modifies the security breach 
entity or influences the output of that entity is a mitigative measure. 
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43. (currently amended) The method of Claim 39 when dependent on any of 
Claims 30 — 3£ in which the countermeasure that modifies the disruption entity 
or influences the output of that entity is an alleviative measure. 

44. (currently amended) The method of any pr e c e ding Claim[s] 28 [- 43] in 
which the system is a computer. 

45. (currently amended) The method of any prec e ding Claim[s] 28 [- 43] in 
which the system is a computer network. 

46. (currently amended) The method of any pr e c e ding Claim[s] 28 [- 43] in 
which the system is a telecommunication system. 

47. (currently amended) The method of any pr e c e ding Claimfs] 28 [■ 43] in 
which the system is a mobile communications device or personal digital 
assistant. 

48. (currently amended) The method of any pr e c e ding Claim[s] 28 [- 43] in 
which the system is a building, group of buildings, physical infrastructure, 
means of transport or a transport infrastructure, aircraft or vehicle. 

49. (currently amended) The method of any pr e c e ding Claim[s] 28 [- 43] in 
which the system is a physical storage container. 

50. (currently amended) The method of any pr e c e ding Claim[s] 28 [- 43] in 
which the system is a business, business process or business system. 
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51. (currently amended) The method of any pr e c e ding Claim[s] 28 [- 50] in 
which an entity in the risk chain describes a population of one or more people 
who seek or otherwise obtain unauthorised access to the target system or who 
seek to or otherwise influence it in an unauthorised manner. 

52. (currently amended) The method of any pr e c e ding Claim[s] 28 [- 50] in 
which an entity in the risk chain describes a population of one or more 
computer viruses or worms or Trojan Horses or computers. 

53. (original) The method of Claim 52 in which a parameter is the age of 
the virus. 

54. (currently amended) The method of any pr e c e ding Claim[s] 28 [- 50] in 
which an entity in the risk chain describes a population of one or more fires, 
floods, earthquakes or other physical acts which have an impact on the target 
system. 

Claims 55 - 64 (cancelled) 
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